10 matches found
CVE-2026-31959
Quill provides simple Mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...
Quill has DoS via unbounded read of HTTP response body during notarization
Impact: Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS...
Quill has unbounded memory allocation via unvalidated size fields in Mach-O binary parsing
Impact: Quill before version v0.7.1 contains an unbounded memory allocation vulnerability when parsing Mach-O binaries. Exploitation requires that Quill processes an attacker-supplied Mach-O binary, which is most likely in environments such as CI/CD pipelines, shared signing services, or any...
Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval
Impact: Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network...
168wangxiao-ui (>=0.3.6 <=0.3.70), 3achatlibrary (>=1.0.0 <=1.0.9) +5430 more potentially affected by CVE-2025-15056 via quill (>=0.19.14 <=2.0.3)
quill NPM version =0.19.14, =0.3.6, =1.0.0, =19.0.0, =1.0.1, =1.0.0, =1.0.10, =3.1.1-0, =2.10.1, =0.1.6, =1.0.7, =19.0.0, =19.1.0 and more Source cves: CVE-2025-15056 Source advisory: SNYK:JS-QUILL-14927397...
org.iplass:iplass-admin (>=4.0.0 <=4.0.20), org.iplass:iplass-gem (>=4.0.0 <=4.0.20) +7 more potentially affected by CVE-2025-15056 via org.webjars.npm:quill (>=2.0.0-rc.2 <=2.0.2)
org.webjars.npm:quill MAVEN version =2.0.0-rc.2, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =2.10.2, =2.10.3-ssr.3 Source cves: CVE-2025-15056 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14927398...
@11kit/tiny-engine-plugin-robot (>=2.10.1 <=2.10.2), @123usmanhaider321/ui (>=0.1.6 <=0.1.8) +870 more potentially affected by CVE-2025-15056 via quill (=2.0.3)
quill NPM version =2.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on quill and may be impacted: - @11kit/tiny-engine-plugin-robot =2.10.1, =0.1.6, =1.15.1-sim3, =3.0.0, =1.0.68, =3.6.2-social.2, =1.1.15, =1.0.4, =0.1.3, =1.0.0, =1.0.4144, =0.1.0,...
Quill injection vulnerability
Quill is an open source application that provides application editor functionality. Quill version 2.0.3 has an injection vulnerability that stems from a lack of data validation in the HTML export function, which may lead to cross-site scripting attacks...
168wangxiao-ui (>=0.3.6 <=0.3.70), 3achatlibrary (>=1.0.0 <=1.0.9) +4708 more potentially affected by CVE-2021-3163 via quill (>=0.19.14 <=1.3.7)
quill NPM version =0.19.14, =0.3.6, =1.0.0, =19.0.0, =1.0.1, =1.0.0, =1.0.10, =3.1.1-0, =1.0.7, =19.0.0, =0.0.1, =3.0.10 and more Source cves: CVE-2021-3163 Source advisory: OSV:GHSA-4943-9VGG-GR5R...
@alessio.filippucci/admin-dashboard-core (=0.0.0-development), @avoux/invoicing-manager (>=1.0.6 <=2.0.0) +144 more potentially affected by unknown CVE via quill (>=0.19.14 <=1.3.6)
quill NPM version =0.19.14, =1.0.6, =4.6.201905201249, =4.6.201907261001, =4.5.201903181201, =7.11.2, =3.0.201812052008, =2.0.5-web, =1.0.9, =1.9.0, =0.4.2, =28.3.0, =46.3.1-beta.0 - @microsoft/sp-application-base =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-588M-9QG5-35PQ...